Disable-ADAccount

1. #DON'T FORGET TO EDIT THE FUNCTION NAME INTO SOMETHING MEANINGFUL TO YOU
2. Function My-DisableAccount{
3. <#
4. .SYNOPSIS
5. Disables Active Directory Account of User
6. .DESCRIPTION
7. Disables AD Account, hides email address from Global Address list, if an email is present, and gives manager access to user mailbox if a Manager is assigned in AD
8. .PARAMETER UserName
9. The name of the user to disable
10. .EXAMPLE
11. .\My-DisableAccount [Username]
12. #>
13.     [CmdletBinding()]
14.     Param(
15.     [Parameter(Mandatory=$true)]
16.     [String]$Username
17.     )
18.  
19.  
20. #Disables AD UserAccount
21. Set-ADUser $Username -Enabled $false
22.  
23. #Changes Userpassword
24. Set-ADAccountPassword -Identity $Username -NewPassword (ConvertTo-SecureString -AsPlainText "Password" -Force)
25.  
26. Write-Host "The Account, $Username, has been disabled and the password has been changed"
27.  
28. #Imports session to Exchange server to enable remote management
29. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://[FQDN of Exchange Server]/PowerShell/ -Authentication Kerberos -WarningAction:SilentlyContinue
30. Import-PSSession $Session
31.  
32. #Checks for Mailbox assigned to user
33. $EmailAddress = Get-Mailbox -Identity $Username
34.  
35.     If ($EmailAddress -eq $null)
36.     {
37.         Write-Host "The error occurred because $username does not have a mailbox"
38.  
39.         Get-PSSession | Remove-PSSession -WarningAction:SilentlyContinue
40.     }
41.     else
42.     {
43.             #Checks for assigned manager to user
44.             $Manager = (Get-Aduser (Get-Aduser -identity $Username -Properties Manager | Select-Object Manager).Manager).samAccountName
45.            
46.             IF ($Manager -eq $Null)
47.             {
48.                 Write-host "The above error occured because $username does not have a manager assigned"
49.                
50.                 #Hides user from GAL
51.                 Set-Mailbox -Identity $Username -HiddenFromAddressListsEnabled $true
52.  
53.                 Write-Host "The mailbox for, $Username, has been hidden from Exchange Lists"
54.  
55.                 #Removes remote session to exchange server
56.                 Get-PSSession | Remove-PSSession -WarningAction:SilentlyContinue
57.            
58.             }
59.  
60.             else
61.  
62.             {
63.                 #Hides user from GAL
64.                 Set-Mailbox -Identity $Username -HiddenFromAddressListsEnabled $true
65.  
66.                 #Grants manager access to user mailbox
67.                 Add-MailboxPermission -Identity $Username -User $Manager -AccessRights Fullaccess -InheritanceType all
68.            
69.                 Write-Host "The maillbox for $Username has been hidden from Exchange Lists and $Manager has full access to the Mailbox"
70.  
71.                 #Removes remote session to exchange server
72.                 Get-PSSession | Remove-PSSession -WarningAction:SilentlyContinue
73.            
74.             }
75.     }
76.  
77.    
78.  
79. }